Wireshark

Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it it still under active development.

Wireshark has a rich feature set which includes the following:

• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
• The most powerful display filters in the industry
• VoIP analysis
• Live capture and offline analysis are supported
• Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
• Capture files compressed with gzip can be decompressed on the fly
• Hundreds of protocols are supported, with more being added all the time
• Coloring rules can be applied to the packet list, which eases analysis

• BUG FIXES:
• wnpa-sec-2018-34[1]: BGP dissector large loop. Bug 13741[2]. CVE-2018-14342[3].
• wnpa-sec-2018-35[4]: ISMP dissector crash. Bug 14672[5]. CVE-2018-14344[6].
• wnpa-sec-2018-36[7]: Multiple dissectors could crash. Bug 14675[8]. CVE-2018-14340[9].
• wnpa-sec-2018-37[10]: ASN.1 BER dissector crash. Bug 14682[11]. CVE-2018-14343[12].
• wnpa-sec-2018-38[13]: MMSE dissector infinite loop. Bug 14738[14]. CVE-2018-14339[15].
• wnpa-sec-2018-39[16]: DICOM dissector crash. Bug 14742[17]. CVE-2018-14341[18].
• wnpa-sec-2018-40[19]: Bazaar dissector infinite loop. Bug 14841[20]. CVE-2018-14368[21].
• wnpa-sec-2018-41[22]: HTTP2 dissector crash. Bug 14869[23]. CVE-2018-14369[24].
• wnpa-sec-2018-42[25]: CoAP dissector crash. Bug 14966[26]. CVE-2018-14367[27].
• ISMP.EDP "Tuples" dissected incorrectly. Bug 4943[28].
• Wireshark - Race issue when switching between files using Wireshark’s "Files in Set" dialog. Bug 10870[29].
• Sorting on "Source port" or "Destination port" column sorts alphabetically, not numerically. Bug 11460[30].
• Wireshark crashes when changing profiles. Bug 11648[31].
• Crash when starting capture while saving capture file or rescanning file after display filter change. Bug 13594[32].
• Crash when switching to TRANSUM enabled profile. Bug 13697[33].
• TCP retransmission with additional payload leads to incorrect bytes and length in stream. Bug 13700[34].
• Wireshark crashes with single quote string display filter. Bug 14084[35].
• randpkt can write packets that libwiretap can’t read. Bug 14107[36].
• Wireshark crashes when loading new file before previous load has finished. Bug 14351[37].
• Valid packet produces Malformed Packet: OpcUa. Bug 14465[38].
• Error received from dissect_wccp2_hash_assignment_info(). Bug 14573[39].
• CRC checker wrong for FPP. Bug 14610[40].
• Cross-build broken due to make-dissectors and make-taps. Bug 14622[41].
• Extraction of SMB file results in wrong size. Bug 14662[42].
• 6LoWPAN dissector merges fragments from different sources. Bug 14700[43].
• IP address to name resolution doesn’t work in TShark. Bug 14711[44].
• "Decode as" Modbus RTU over USB doesn’t work with 2.6.0 but with 2.4.6. Bug 14717[45].
• proto_tree_add_protocol_format might leak memory. Bug 14719[46].
• tostring for NSTime objects in lua gives wrong results. Bug 14720[47].
• Media type "application/octet-stream" registered for both Thread and UASIP. Bug 14729[48].
• Crash related to SCTP tap. Bug 14733[49].
• Formatting of OSI area addresses/address prefixes goes past the end of the area address/address prefix. Bug 14744[50].
• ICMPv6 Router Renumbering - Packet Dissector - malformed. Bug 14755[51].
• WiMAX HARQ MAP decoder segfaults when length is too short. Bug 14780[52].
• HTTP PUT request following a HEAD request is not correctly decoded. Bug 14793[53].
• SYNC PDU type 3 miss the last PDU length. Bug 14823[54].
• Reversed 128 bits service UUIDs when Bluetooth Low Energy advertisement data are dissected. Bug 14843[55].
• Issues with Wireshark when the user doesn’t have permission to capture. Bug 14847[56].
• Wrong description when LE Bluetooth Device Address type is dissected. Bug 14866[57].
• LE Role advertisement type (0x1c) is not dissected properly according to the Bluetooth specification. Bug 14868[58].
• Regression: Wireshark 2.6.0 and 2.6.1 are unable to read NetMon files which were readable by previous versions. Bug 14876[59].
• Wireshark doesn’t properly display (deliberately) invalid 220 responses from Postfix. Bug 14878[60].
• Follow TCP Stream and click reassembled content moves you to incorrect current packet. Bug 14898[61].
• Crash when changing profiles while loading a capture file. Bug 14918[62].
• Duplicate PDU during C Arrays Output Export. Bug 14933[63].
• DCE/RPC not dissected when "reserved for use by implementations" flag bits set. Bug 14942[64].
• Follow TCP Stream truncates output on missing (but ACKed) segments. Bug 14944[65].
• There’s no option to include column headings when printing packets or exporting packet dissections with Qt Wireshark. Bug 14945[66].
• Qt: SCTP Graph Dialog: Abort when doing analysis. Bug 14971[67].